Skip to content

Latest commit

 

History

History
23 lines (13 loc) · 1.6 KB

README.md

File metadata and controls

23 lines (13 loc) · 1.6 KB

Software and system transparency - Transparency Exchange API (TC54-TG1)

Scope

Ecma TC54-TG1 is chartered to develop and maintain a standardized, format-agnostic API that enables the efficient discovery and exchange of Bills of Materials (BOMs) and other related artifacts between systems. The API will facilitate the handling of sensitive data, supply chain intelligence, and provide a standardized mechanism to publish, distribute, consume, and control access to all parties in the software supply chain.

Programme of work

  1. To develop a standard for the transparency exchange API (project Koala) for discovering and sharing of software transparency information.
  2. To define the API architecture and data models, incorporating elements such as xBOM, CDXA, VDR/VEX, CLE, and insights.
  3. To develop specifications for each component, focusing on security, scalability, and performance.

Objectives

  • Standardization of BOM discovery and exchange: Develop a universally applicable API that supports a wide variety of BOM types including SBOM, HBOM, AI/ML-BOM, SaaSBOM, and CBOM.
  • Integration with existing protocols: Wherever possible, the API will leverage existing solutions, protocols, and APIs to accelerate development and adoption.
  • Support for access control: Enable robust access control mechanisms to manage the distribution of sensitive or restricted artifacts.

Automation compatibility: Ensure the API is suitable for automated systems, eliminating the need for manual interactions for ongoing operations.